Tag: Detection Content

Detect Borat Remote Access Malware

A new tricky remote access tool dubbed Borat RAT was found by cybersecurity researchers. Just like the name suggests, it is a crazy mix of things that is hard to wrap your head around. Borat Trojan is a collection of malware modules coming with a builder and server certificate which includes more than 10 malicious […]

Detect Mars Stealer Cryptojacking Malware

On March 30, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) put out a warning of a mass spread of malware named “Mars Stealer” targeting individuals and organizations in Ukraine. According to the CERT-UA research, adversaries behind Mars Stealer attacks are traced back to the hacking group tracked as UAC-0041 (associated with AgentTesla and […]

Colibri Loader Malware Detection: Unusual Persistence Using PowerShell

The Colibri malware loader, which first appeared not so long ago, in August 2021, has recently been discovered delivering Vidar payloads in a new, ongoing Colibri Loader campaign. Researchers indicate that Colibri uses an unusual persistence technique that had not been tracked until now. Updated functionality motivates adversaries to keep selling their new malware […]

FIN7 APT Group Updates: Incorporating Software Supply Chain Compromise, Enhancing Operations

FIN7, a financially motivated Russia-linked hacking group that has been active for almost a decade now, enhances its arsenal. FIN7 operations in general fall into two categories: Business Email Compromise (BEC) scams and point-of-sale (PoS) system intrusions. The threat actor is known for focusing their interest on financial organizations, even achieving the status of one […]

AsyncRAT Campaigns Feature 3LOSH Crypter That Obfuscates Payloads

Ongoing malware distribution campaigns spread AsyncRAT, together with the 3LOSH crypter, across public repositories. Recent cybersecurity research analyzes the latest version of 3LOSH, which adversaries use to evade detection on devices in corporate environments. Besides AsyncRAT, a number of other commodity malware strains can be distributed by the same operator. The purpose of […]

Armageddon Cyber Espionage Group Tracked As UAC-0010 Attacks EU and Ukrainian Government Entities

Update: According to the latest heads-up from April 7, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) issued an alert with the details of the most recent phishing attack on Ukrainian state bodies, following closely on the attack kill chain identified a couple of days earlier by similar behavior patterns. On […]

Detect CVE-2022-22965: Updates on Spring Framework RCE

In March 2022, several novel vulnerabilities in the Java Spring framework were disclosed. One of these flaws affects a component in Spring Core, enabling adversaries to drop a webshell, granting Remote Command Execution (RCE). As of April 5, 2022, the SpringShell vulnerability tracked as CVE-2022-22965 is now confirmed to be of critical severity. CVE-2022-22965 Detection […]

Fire Chili Rootkit: Deep Panda APT Resurfaces With New Log4Shell Exploits

Fire Chili is a novel strain of malware leveraged by the Chinese APT group Deep Panda, which exploits the Log4Shell vulnerability in VMware Horizon servers. The primary focus of the adversaries is cyber espionage. Targeted organizations include financial institutions and the academic, travel, and cosmetics industries. Log4Shell is associated with the high-severity CVE-2021-44228 vulnerability in the Log4j […]

IcedID Malware Hijacks Email Threads Delivering Unseen Payload

A sudden surge in IcedID email hijacking activity was identified by security researchers. IcedID, a.k.a. BokBot, has been operating since 2017. A gradual evolution has led this malware from being a regular banking trojan to a sophisticated payload that hijacks ongoing email conversations and injects malicious code through a network of compromised Microsoft […]

New FatalRAT Model: Purple Fox Hackers Are Increasing Their Botnet Infrastructure

Purple Fox malware has been wreaking all sorts of havoc on personal computers since 2018, infecting more than 30,000 machines globally. The latest studies found that Purple Fox hackers continue improving their infrastructure and adding new backdoors. To expand the botnet scale, Purple Fox is spreading trojanized installers that masquerade as legitimate software packages. The […]
